PT-2024-22617 · Umbraco · Umbraco

Poan21 · Published 2024-03-20 · Updated 2024-03-25 · CVE-2024-28868

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Umbraco 10 versions prior to 10.8.4

Umbraco 10 version 10.8.5 is not affected as it contains the fix.

Description

Umbraco is an ASP.NET content management system. A user enumeration attack is possible when access to the native login screen is available. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.

Recommendations

For Umbraco 10 versions prior to 10.8.4, update to version 10.8.5 to resolve the issue. As a temporary workaround, consider disabling the native login screen by exclusively using external logins until a patch is applied.

Exploit

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-28868
GHSA-552F-97WF-PMPQ

Affected Products

Umbraco